CVE-2026-53865
7.1 HIGHOpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service path...
Published: 2026-06-16 · Last updated: 2026-06-16
Severity and scoring
- CVSS
- 7.1 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- CWE
- CWE-426
Description
OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by manipulating workspace-derived environment paths.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53858 — OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bu... (7.1 HIGH)
- CVE-2026-53846 — OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the ... (7.1 HIGH)
- CVE-2026-53842 — OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runti... (7.1 HIGH)
- CVE-2026-54055 — Kitty is a cross-platform GPU based terminal (5.0 MEDIUM)
- CVE-2026-53819 — OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can overri... (8.8 HIGH)